Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/eaa602-2a3f-4f32-abce-3d80d686e747/1/QHXXwuBREQjZKl8F7s5sxbNwu4g.roa
File:                     QHXXwuBREQjZKl8F7s5sxbNwu4g.roa (raw, json)
Hash identifier:          D4JeYl88GsmPz/mrdoPVvfWUkmPjVec/K5FCB1oXUto=
Subject key identifier:   40:75:D7:C2:E0:51:11:08:D9:2A:5F:05:EE:CE:6C:C5:B3:70:BB:88
Certificate issuer:       /CN=0637d1ce5dc3fa800e1d1dcfbdaa841fddd43905
Certificate serial:       04B33ADF
Authority key identifier: 06:37:D1:CE:5D:C3:FA:80:0E:1D:1D:CF:BD:AA:84:1F:DD:D4:39:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BjfRzl3D-oAOHR3PvaqEH93UOQU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/eaa602-2a3f-4f32-abce-3d80d686e747/1/QHXXwuBREQjZKl8F7s5sxbNwu4g.roa
Signing time:             Sat 01 Jan 2022 08:03:53 +0000
ROA not before:           Sat 01 Jan 2022 08:03:53 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     198389
IP address blocks:        176.103.168.0/21 maxlen: 21

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 78854879 (0x4b33adf)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0637d1ce5dc3fa800e1d1dcfbdaa841fddd43905
        Validity
            Not Before: Jan  1 08:03:53 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4075d7c2e0511108d92a5f05eece6cc5b370bb88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d5:6c:7b:88:44:37:8a:05:23:33:e2:d2:1b:
                    41:7b:09:c0:31:84:54:d7:06:ac:8d:b9:a0:fe:9a:
                    49:5a:ee:7e:88:b0:34:8c:a8:50:b0:db:47:70:84:
                    20:6e:64:75:dc:e6:d2:48:83:9e:a6:3b:e8:2b:14:
                    61:fe:48:dd:1f:a5:44:27:d4:e6:b3:31:6e:67:0d:
                    e6:fd:97:f4:5e:7e:fc:a6:91:bd:1f:ed:e8:a3:a1:
                    3a:11:15:8b:66:40:46:43:87:1b:06:3f:49:11:43:
                    e8:f7:ac:48:eb:b1:e7:cf:87:8f:72:3d:a3:f0:01:
                    f3:ea:5a:01:81:da:c5:aa:39:dd:bd:a2:0f:e5:a5:
                    d9:5a:02:42:56:0e:ed:8a:d4:2e:7e:b8:79:2e:d1:
                    83:c5:85:eb:a3:19:b6:ef:89:cb:74:ad:e7:02:ac:
                    1f:1e:e4:2f:00:3b:c9:c6:2a:07:bc:3d:10:69:d9:
                    55:15:e2:02:2d:da:5f:ea:05:25:37:f3:7d:d4:8f:
                    77:8a:9f:17:a2:66:e2:c0:d7:93:f6:3f:0e:ee:e1:
                    3c:6f:e5:88:3f:48:a7:90:e2:f1:f6:c7:b5:f5:f0:
                    8a:9c:b7:c8:88:99:65:aa:3f:ac:b7:dd:dc:fb:ae:
                    d5:63:02:94:76:da:d0:f9:c7:3b:2e:99:16:29:64:
                    20:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:75:D7:C2:E0:51:11:08:D9:2A:5F:05:EE:CE:6C:C5:B3:70:BB:88
            X509v3 Authority Key Identifier:
                keyid:06:37:D1:CE:5D:C3:FA:80:0E:1D:1D:CF:BD:AA:84:1F:DD:D4:39:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BjfRzl3D-oAOHR3PvaqEH93UOQU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/eaa602-2a3f-4f32-abce-3d80d686e747/1/QHXXwuBREQjZKl8F7s5sxbNwu4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/eaa602-2a3f-4f32-abce-3d80d686e747/1/BjfRzl3D-oAOHR3PvaqEH93UOQU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.103.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         04:a6:65:93:ef:60:fe:82:c6:7e:d5:c3:62:8a:b8:f2:09:6a:
         83:95:dd:93:96:57:19:85:9e:93:fc:52:be:2a:c2:20:37:e3:
         6c:d0:56:c4:40:87:b2:62:26:b9:77:a9:c5:0b:59:03:80:93:
         17:06:b8:25:e8:8e:18:1c:1d:10:d7:7c:65:db:e1:79:29:60:
         84:9a:38:d8:be:96:d0:97:a4:d9:55:83:d2:5e:50:65:1d:b9:
         72:2d:98:46:e8:05:9c:b6:6e:96:01:73:1d:48:9c:53:3b:35:
         7a:df:c3:ad:c6:a2:4a:f1:86:21:12:59:a1:d6:7d:75:fb:bd:
         50:84:b9:ee:46:48:86:17:d3:3b:67:0d:fe:a2:46:4d:ec:3e:
         09:65:4f:b2:60:96:3c:e1:e5:54:63:13:b8:eb:3d:f3:16:83:
         36:3c:d6:48:91:0e:4a:1c:8f:38:df:f8:f1:93:07:26:a7:00:
         e2:e9:12:fb:fc:8a:50:48:30:25:44:5c:28:7c:4a:b5:02:a9:
         cc:c7:73:b7:a4:84:1f:55:81:c6:d9:40:0c:a0:56:78:61:66:
         32:8a:3d:64:46:a1:f0:1d:ab:aa:a7:ef:b9:0f:bf:76:24:f1:
         56:29:1e:fe:fd:d1:5f:b5:ff:46:41:44:ad:7c:95:91:cf:76:
         fc:a2:f5:16
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIEBLM63zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
NjM3ZDFjZTVkYzNmYTgwMGUxZDFkY2ZiZGFhODQxZmRkZDQzOTA1MB4XDTIyMDEw
MTA4MDM1M1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDA3NWQ3YzJlMDUx
MTEwOGQ5MmE1ZjA1ZWVjZTZjYzViMzcwYmI4ODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK/VbHuIRDeKBSMz4tIbQXsJwDGEVNcGrI25oP6aSVrufoiw
NIyoULDbR3CEIG5kddzm0kiDnqY76CsUYf5I3R+lRCfU5rMxbmcN5v2X9F5+/KaR
vR/t6KOhOhEVi2ZARkOHGwY/SRFD6PesSOux58+Hj3I9o/AB8+paAYHaxao53b2i
D+Wl2VoCQlYO7YrULn64eS7Rg8WF66MZtu+Jy3St5wKsHx7kLwA7ycYqB7w9EGnZ
VRXiAi3aX+oFJTfzfdSPd4qfF6Jm4sDXk/Y/Du7hPG/liD9Ip5Di8fbHtfXwipy3
yIiZZao/rLfd3Puu1WMClHba0PnHOy6ZFilkIKMCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBRAddfC4FERCNkqXwXuzmzFs3C7iDAfBgNVHSMEGDAWgBQGN9HOXcP6gA4d
Hc+9qoQf3dQ5BTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0JqZlJ6bDNELW9BT0hSM1B2YXFFSDkzVU9RVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjcvZWFhNjAyLTJhM2YtNGYzMi1hYmNlLTNkODBkNjg2ZTc0Ny8x
L1FIWFh3dUJSRVFqWktsOEY3czVzeGJOd3U0Zy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjcv
ZWFhNjAyLTJhM2YtNGYzMi1hYmNlLTNkODBkNjg2ZTc0Ny8xL0JqZlJ6bDNELW9B
T0hSM1B2YXFFSDkzVU9RVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA7BnqDANBgkqhkiG9w0BAQsFAAOC
AQEABKZlk+9g/oLGftXDYoq48glqg5Xdk5ZXGYWek/xSvirCIDfjbNBWxECHsmIm
uXepxQtZA4CTFwa4JeiOGBwdENd8ZdvheSlghJo42L6W0Jek2VWD0l5QZR25ci2Y
RugFnLZulgFzHUicUzs1et/DrcaiSvGGIRJZodZ9dfu9UIS57kZIhhfTO2cN/qJG
Tew+CWVPsmCWPOHlVGMTuOs98xaDNjzWSJEOShyPON/48ZMHJqcA4ukS+/yKUEgw
JURcKHxKtQKpzMdzt6SEH1WBxtlADKBWeGFmMoo9ZEah8B2rqqfvuQ+/diTxVike
/v3RX7X/RkFErXyVkc92/KL1Fg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:59:15 2024 by rpki-client on console-ams.rpki-client.org